About WPA2 PSK on my home router!
Hi, I have just purchased a WAG120n DSL modem/router especially for
my wireless clients. I set it up on both sides (wired and wireless) and also
determined a PSK for wireless communication in WPA2 security mode.
However, I'm not sure whether I need to change the first PSK
(because it says that it's renewed every 3600 seconds by default).
As WPA2 generates an encryption key for each packet of transmitted data dynamically, I thought that I do not need to change the first PSK.
Should I?
Monster PC specs(Packard Bell VR46) : Intel Celeron Dual-Core 1.2 GHz CPU , 4096 MB DDR3 RAM, Intel Media Graphics (R) 4 Family with IntelGMA 4500 M HD graphics. 
5 year-old laptop PC specs(Toshiba Satellite A210) : AMD Athlon 64 x2 1.9 GHz CPU, ATI Radeon X1200 128 MB Video Memory graphics card, 3072 MB 667 Mhz DDR2 RAM. (1 stick 2 gigabytes and 1 stick 1 gigabytes)
Comments
-
it_consultant Member Posts: 1,903
I think you misunderstand the role of the pre-shared key; it is to allow association first. Random keys are generated after initial association through a handshake process where the access point and the computer agree on a number which is the encryption hash. This number changes (or rekeys) on a 3600 second interval. You don't need to change your PSK every 3600 seconds.
There is a slight vulnerability in the initial handshake wherein a man-in-the-middle attack could possibly catch enough unencrypted traffic that they are able to infer the encryption keys. Using 802.1X (EAP) mitigates this risk but adds lots of complexity.
-
docrice Member Posts: 1,706
The pre-shared key in a WPA-PSK environment is the secret part of the sauce during the WPA four-way handshake. Everything else during the exchange is visible in the air to the attacker.
http://kimiushida.com/bitsandpieces/articles/flow_diagram_wpa-psk_4-way_handshake/flow_wpa-psk_4-way_handshake.png
During the handshake, a PTK (Pairwise Transient Key) is agreed upon between the client (supplicant) and access point (authenticator). The PTK contains the unicast encryption key:
http://sharkfest.wireshark.org/sharkfest.08/T1-7_DOtreppe_WLAN%20Analysis%20and%20Security.pdf
(check page 48 of the PDF; I couldn't find a better diagram showing the make-up of the PTK because The Google-fu is not strong with this one)
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/